Bug#11765255 - 58201: VALGRIND/CRASH WHEN ORDERING BY MULTIPLE AGGREGATE FUNCTIONS

We must allocate a larger ref_pointer_array. We failed to account for extra
items allocated here:
#0  find_order_in_list 
  uint el= all_fields.elements;
  all_fields.push_front(order_item); /* Add new field to field list. */
  ref_pointer_array[el]= order_item;
  order->item= ref_pointer_array + el;
#1  setup_order
#2  setup_without_group
#3  JOIN::prepare


mysql-test/r/order_by.result:
  New test case.
mysql-test/r/union.result:
  New test case.
mysql-test/t/order_by.test:
  New test case.
mysql-test/t/union.test:
  New test case.
sql/sql_lex.cc:
  find_order_in_list() may need some extra space, so multiply og_num by two.
sql/sql_union.cc:
  For UNION, the 'n_sum_items' are accumulated in the "global_parameters" select_lex.
  This number must be propagated to setup_ref_array()
  
  When preparing a 'fake_select_lex' we need to use global_parameters->order_list
  rather than fake_select_lex->order_list (see comments inside st_select_lex_unit::cleanup)

sql/sql_lex.cc

@@ -1987,6 +1987,9 @@ bool st_select_lex::setup_ref_array(THD *thd, uint order_group_num)
   if (ref_pointer_array)
     return 0;
 
+  // find_order_in_list() may need some extra space, so multiply by two.
+  order_group_num*= 2;
+
   /*
     We have to create array in prepared statement memory if it is
     prepared statement